Firesheep… How to get hacked with open networks

I urge everyone to read this website as there are a number of news stories about it right now:

Eric Butler – Software Developer in Seattle WA

The bottom line. It is now possible to download a simple Firefox extension and go to an open network (such as Aquilla and Pricilla’s) and log into other users Facebook or other accounts. You can do it. And others can do it to you.

It’s as simple as installing Firesheep and sit at the cafe waiting for someone to log into Facebook, or Twitter:

Firesheep opens a sidebar in Firefox and when you hit the start capturing button it watches for logins happening on that network. Could this affect us?

Yes.

Are there solutions? For Firefox, yes, but if you are still using Explorer you are still susceptible.

The problem is actually caused by the sites we visit as they are not encrypting the cookie sent back to us when we log in even though they are encrypting it when we send our password. Firesheep was actually created to demonstrate this vulnerability.

I definitely think we should discuss this at our meetings in the future.

Leave a Reply